cowwoc commented on Improvement JENKINS-21237

@randall

I don't buy the security argument for two reasons:

  1. There will always be security exploits. Security is a bottomless pit. As such, you are chasing more of a theoretical problem than a concrete one.
  2. We know for a fact that using ~/LaunchAgents fixes a much-needed use-case that cannot be run with LaunchDaemons.
  3. I would be more than happy to use a more secure solution if it was possible; but (as far as I can tell) it is not.

Now, more concretely...

  • The login plist/hook approaches force control back to the login screen immediately after logging in. How would you exploit that?
  • I agree that we should get user consent for installing Jenkins. If anyone chooses to install it on their machine, we can (and should) explain what username will get used and that autologin will take place.
  • Installing for "All Users": I still don't understand how this is more secure, but even if it is ... we'd still need to find a way to ensure that Jenkins doesn't run multiple times per computer. If my wife and I share the same computer, and each has their own profile, we don't want Jenkins to launch dialogs every time we log in.